We currently support the following versions with security updates:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take the security of LEG seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via email to pratikid@gmail.com.
You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
Please include the following information in your report:
- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it

This information will help us triage your report more quickly.

- All sensitive data is encrypted at rest
- Data in transit is protected using TLS 1.3
- Regular security audits of dependencies
- Automated vulnerability scanning
- Regular penetration testing
- Multi-factor authentication support
- Role-based access control
- Session management
- Password policies
- OAuth 2.0 integration
- Regular security updates
- Network segmentation
- Firewall rules
- Intrusion detection
- DDoS protection

Security updates are released as soon as possible after a vulnerability is confirmed. We follow these steps:
- Confirm the vulnerability
- Develop a fix
- Test the fix
- Release the update
- Notify users

We recommend following these security best practices:
- Keep your installation up to date
- Use strong passwords
- Enable 2FA when available
- Regularly back up your data
- Monitor access logs
- Report suspicious activity

We would like to thank the following security researchers for their responsible disclosure:
- [List of security researchers who have helped improve LEG's security]

For security-related questions or concerns, please contact:
- Security Team: pratikid@gmail.com
- Emergency Contact: pratikid@gmail.com